Check for policies in app_gw
This commit is contained in:
parent
25a5d8f5da
commit
5b8e3689ec
|
@ -13,6 +13,8 @@ from revproxy.utils import encode_items, normalize_request_headers
|
||||||
|
|
||||||
from passbook.app_gw.models import ApplicationGatewayProvider
|
from passbook.app_gw.models import ApplicationGatewayProvider
|
||||||
from passbook.core.models import Application
|
from passbook.core.models import Application
|
||||||
|
from passbook.core.policies import PolicyEngine
|
||||||
|
from passbook.core.views.utils import PermissionDeniedView
|
||||||
|
|
||||||
IGNORED_HOSTNAMES_KEY = 'passbook_app_gw_ignored'
|
IGNORED_HOSTNAMES_KEY = 'passbook_app_gw_ignored'
|
||||||
LOGGER = getLogger(__name__)
|
LOGGER = getLogger(__name__)
|
||||||
|
@ -127,16 +129,22 @@ class ApplicationGatewayMiddleware:
|
||||||
.. versionadded:: 0.9.8
|
.. versionadded:: 0.9.8
|
||||||
"""
|
"""
|
||||||
request_headers = self.get_proxy_request_headers(self.request)
|
request_headers = self.get_proxy_request_headers(self.request)
|
||||||
|
|
||||||
if hasattr(self.request, 'user') and self.request.user.is_active:
|
|
||||||
request_headers[self.app_gw.authentication_header] = self.request.user.get_username()
|
request_headers[self.app_gw.authentication_header] = self.request.user.get_username()
|
||||||
LOGGER.info("REMOTE_USER set")
|
LOGGER.info("%s set", self.app_gw.authentication_header)
|
||||||
|
|
||||||
return request_headers
|
return request_headers
|
||||||
|
|
||||||
# def get_quoted_path(self, path):
|
def check_permission(self):
|
||||||
# """Return quoted path to be used in proxied request"""
|
"""Check if user is authenticated and has permission to access app"""
|
||||||
# return quote_plus(path.encode('utf8'), QUOTE_SAFE)
|
if not hasattr(self.request, 'user'):
|
||||||
|
return False
|
||||||
|
if not self.request.user.is_authenticated:
|
||||||
|
return False
|
||||||
|
policy_engine = PolicyEngine(self.app_gw.application.policies.all())
|
||||||
|
policy_engine.for_user(self.request.user).with_request(self.request).build()
|
||||||
|
passing, _messages = policy_engine.result
|
||||||
|
|
||||||
|
return passing
|
||||||
|
|
||||||
def get_encoded_query_params(self):
|
def get_encoded_query_params(self):
|
||||||
"""Return encoded query params to be used in proxied request"""
|
"""Return encoded query params to be used in proxied request"""
|
||||||
|
@ -206,6 +214,9 @@ class ApplicationGatewayMiddleware:
|
||||||
|
|
||||||
def dispatch(self, request):
|
def dispatch(self, request):
|
||||||
"""Build proxied request and pass to upstream"""
|
"""Build proxied request and pass to upstream"""
|
||||||
|
if not self.check_permission():
|
||||||
|
return PermissionDeniedView.as_view()(request)
|
||||||
|
|
||||||
self._request_headers = self.get_request_headers()
|
self._request_headers = self.get_request_headers()
|
||||||
|
|
||||||
# redirect_to = self._format_path_to_redirect(request)
|
# redirect_to = self._format_path_to_redirect(request)
|
||||||
|
|
Reference in a new issue